Stuxnet is one of the numerous standalone malware software (Chem & Abu, 2011). Stxnet can also be described as a malicious worm (Farwell & Rohozonski, February, 2011). Stuxnet Spreads to other computers by replicating itself. Researchers have discovered that Stuxnet was first used to attack Iran in 2007. Stuxnet is believed to be a hybrid malware (Paul & Woodward, 2010). The hybrid is believed to be consisting of worm, Trojan horse, rootkit and virus (Michael, 2009)The malware is Researchers have discovered that Stuxnet was first used to attack Iran in 2007 (Nawa, et al., 2012).
The spreading is facelifted by the presence of computer networks and failures in computer security systems (Farwell & Rohozonski, February, 2011). A failure in the security system of a target computer provides the best ground for the spread of Stuxnet. It is believed that Stuxnet has been in existence since as early as 2005. However, Stuxnet was first discovered in 2010 (Francesso, et al., 2013).
In the context of operations or incident management, there are several incidences where Stuxnet is believed to have been involved. It is believed that Stuxnet caused huge damages to the nuclear programs of the Iranians (Hagerott, December, 2014). Stuxnet is believed to target logic controllers specifically those that are programmable (Hagerott, December, 2014).
Stuxnet has attacked Iran’s systems for over 15 years. The attack has affected several areas such as nuclear facilities and atomic facilities (Kim, 2014). It is believed that this malware was designed in order to attack the milestones that Iran had taken in security developments (Krauze , Maciak, & Lisziewicz, 2013). It is also believed that Stuxnet was jointly developed by United States and Israel in a bid to counter the developments that Iran had taken in nuclear developments (Kushner, March, 2013). Other areas in Iran that have been attacked by Stuxnet are areas like power plants, gas lines, water treatment facilities and the computer systems (Pike, March 2014).
Stuxnet is believed to spread through USB flash drives from one computer to another (Paul & Woodward, 2010). In this way, it is able to spread across numerous computer systems and industries (Moos, December, 2015).
Stuxnet is not easily protected. It is understandable that the regular anti- viruses have failed to prevent Stuxnet. As a result, Stuxnet is believed to have jumped the “Air- Gap”. A case in point is where Stuxnet was released in the wild and attacked Iran only to be discovered a year later (VGL, 2009). It was later discovered that Stuxnet was released with a zero-day exploit that enables it to be non- detectable (Stuxnet Worm Impact on Industrial Cyber- Physical System Security, 2011). The malware is specifically designed to evade detection (Stuxnet Worm Impact on Industrial Cyber- Physical System Security, 2011). Furthermore, the protection code is hidden in the plain sight (Ping-Chung Kuo, Tsong-Long Hwang, Ying-Ting Lin, Yuh-Chi Kuo, & Yann-Lii Leu, May, 2011).
It is also argued that “consumer- grade antivirus products cannot protect against those malwares designed by well-resourced nations”.
Quantitative Risk Analysis
Exposure factor (EF) is the percentage of potential loss to a given asset if a particular threat has taken place (Alfreda, James, & Giovanni, 2011). In this scenario, EF is given by (In case of a successful Air Strike, expected loss/Total Cost of the Nuclear Programme (Asset Value))*100% (Babak, Andrew, & Francesca , 2014). The resulting value of EF is 50%.
Single Loss Expectancy (SLE) is given by the projected amount of loss that is likely to occur in one particular instance of the occurrence of the threat (Bright & Arthur, March, 2010). SLE is the product of the asset value and the exposure factor (EF). The SLE in our scenario is $50, 000 Million.
Annualized Rate of Occurrence (ARO) is projected number of the threats occurring in a period 1 year. ARO in our scenario is 0.05. Annualized Loss Expectancy (ALE) is the product of single loss expectancy (SLE) and Annualized Rate of Occurrence (ARO). ALE is $ 2500000000.
With S300 in place, Exposure Factor is 45, Single Loss Expectancy is $45000000000, annualized rate of occurrence (ARO) is 0.0450, and Annualized Loss Expectancy (ALE) is $2025000000.
The value of the Russian safeguard (S300) is 2,010,000,000 while the value of the Chinese safeguard (HQ18) is 2,017,500,000. Therefore, it is clear that the programme should implement HQ18 because it has a higher value than $300. The following table outlines the detailed output of the quantitative analysis in excel worksheet.
|
Exposure Factor= The percentage of potential loss to a given asset if a threat occurs |
|
EF= (In case of a successful Air Strike, expected loss/Total Cost of the Nuclear Programme (Asset Value))*100% |
|
50 |
|
EF= 50% |
|
Single Loss Expectancy (SLE, in $)= Asset Value*Exposure Factor |
|
$50,000,000,000 |
|
SLE=$50000000000 |
|
Annualised Rate of Occurrence (ARO)= This is projected number of the threats occurring in a period 1 year |
|
ARO= I/20 |
|
0.05 |
|
ARO=0.05 |
|
Annualised Loss Expectancy (ALE)= SLE*ARO |
|
$2,500,000,000 |
|
ALE=2500000000 |
|
Exposure Factor with S300 in place? (EF_S300)=0.9*EF |
|
45 |
|
Single Loss Expectancy with S300 in place? (SLE_S300)=Asset Value*0.45 |
|
$45,000,000,000 |
|
Annualised Rate of Occurrence with S300 in place? (ARO_S300)= ALE*0.9 |
|
$0.0450 |
|
Annualised Loss Expectancy with S300 in place? (ALE_S300)=SLE*ARO |
|
2025000000 |
|
ALE_$300= $2025000000 |
|
Value of the Russian Safeguard (S300)?=ALE_$300-Cost |
|
$2,010,000,000 |
|
Value of the Chinese Safeguard (HQ18)= ALE_$300 – Cost |
|
$2,017,500,000 |
|
Should the programme implement the S300 or HQ18? Why? |
|
The programme should implement HQ18. |
|
Reason: Because it has a higher value than $300 |
TOGAF
TOGAF Standards is best described as a framework and method for architecture development (Hagerott, December, 2014). ADM stands for Architecture Development Method (ADM). The basic structure of the ADM cycle consist seven requirements (Jeffrey, 2011).
“TOGAF which is primarily focused on commercial implementation with a bank, for example, the requirements could look something like: Compliance with federal and state legislation, Public confidence in your enterprise by providing confidentiality, availability and integrity of customer data, Privacy of customer data, Interoperation with other financial institutions, both nationally and internationally, Compliance with international standards, Security of all bank assets and Current trends in customer engagement via the internet|”.
In the same way, we can come up with the requirements in our case. We are interested in protecting Iran’s data and privacy. In our scenario, the requirements would be like: Protecting Iran’s Nuclear facility, Protecting Iran’s nuclear data, safeguarding nuclear past and present activities, safeguarding personal data of nuclear operators, safeguarding privacy of atomic activities of Iran, Protecting Iran’s computer systems and safeguarding Iran’s internal security data.
Have two, for twice the price” option
It is possible to examine whether the phrase “have two, for twice the price” is valid in our scenario with Stuxnet. We examine whether it would be a valid HA/DR option in our case. HA/DA in this case stands for high availability/Disaster Recovery (Jenkins, April, 2013). High availability/disaster recovery is a way of providing solutions for complete or partial failure of the systems (Kenney, 2015). It is a way of protecting data loss replicating the changes from the sources. This implies that we need to have two sets of data or replicating the data right from the source (VGL, 2009).
Therefore, in the case where Stuxnet has infected the site and replicates the data, then it could be easier to retrieve the replicated data. This is simply because HA/DR is a way of backing up the data to prevent the loss by the malicious worms such Stuxnet (Williams, February, 2012). Therefore, have two, for twice the price is very valid in this case. Furthermore, from the quantitative analysis in the prior sections reveals that there are two options of obtaining safeguards against Stuxnet. Therefore, if getting two for twice price is possible then it should be applied.
References
Alfreda, D., James, B., & Giovanni, V. (2011). Investigating Cyber Law and Cyber Ethics: Issues, Impacts and Practices.
Babak, A., Andrew, S., & Francesca , B. (2014). Cyber crime and cyber terrorism investigator’s handbook.
Bright, & Arthur. (March, 2010). Clues Emerge About Genesis of Stuxnet Worm. Christian Science Monitor.
Chem, T. M., & Abu, N. S. (2011). Lessons from Stuxnet. 3.
Farwell, J. P., & Rohozonski, R. (February, 2011). Stuxnet and the Future of Cyber War. 18.
Francesso, D. C., Pascal, B., Alan, H., Sebastien, K., Per, H. M., & Massimo, F. (2013). Cyber Security and Privacy: Trust in the Digital World and Cyber Security and Privacy EU Forum 2013, Brussels, Belgium, April 2013, Revised Selected Papers. Springer.
Hagerott, M. (December, 2014). Stuxnet and the vital role of critical infrastructure operators and engineers. International Journal of Critical Infrastructure Protection, 3.
Jeffrey, C. (2011). Inside cyber warfare: mapping the cyber underworld.
Jenkins, R. (April, 2013). Is Stuxnet Physical? Does it Matter. 12.
Kenney, M. (2015). Cyber-Terrorism in a Post-Stuxnet World. 18.
Kim, Z. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon.
Krauze , A., Maciak, T., & Lisziewicz, M. (2013). The possibility of applying computer programs in Fire Safety Engineering. 14.
Kushner, D. (March, 2013). The real story of stuxnet. 6.
Michael, N. S. (2009). Tallinn Manual on th International Law applicable to Cyber Warfare.
Moos, J. (December, 2015). Cyber Forensics in a Post Stuxnet World. 2.
Nawa, Kazunari, Chandrasisi, Naiwala , P., Yanagihara, Tadashi, . . . Kentraro. (2012). Cyber physical system for vehicle application. International Conference on Cyber Technology in Automation, Control, and Intelligent Systems, 4.
Paul, & Woodward. (2010). Iran Confirms Stuxnet found at Bushehr nuclear Power Plant. warincontext.org.
Pike, J. (March 2014). Satellite Imagery of the Natanz Enrichment Facility. globalsecurity.org.
Ping-Chung Kuo, Tsong-Long Hwang, Ying-Ting Lin, Yuh-Chi Kuo, & Yann-Lii Leu. (May, 2011). Chemical constituents from Lobelia chinensis and their anti-virus and anti-inflammatory bioactivities. 8.
Stuxnet Worm Impact on Industrial Cyber- Physical System Security. (2011). 37th Annual Conference of the IEEE Industrial Electronics Society (IECON 2011), (pp. 7-10). Melbourne, Australia.
VGL, A. (2009). Computer Virus: Introducing… Computer Virus.
Williams, C. (February, 2012). Israel Videos Shows Stuxnet as one of its successes. London: Telegraph.co.uk.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download